How to inject a repo or service in a middleware in a clean way?

I'm currently working on a web application and implementing a user authentication system using middleware in Go. I'm wondering what the best way is to inject a repository or service in a middleware for user authentication.

The reason I want to do this is because I want to use a repository's method for every user authentication. However, I'm not sure if it's clean to inject a repository or service in a middleware.

Does anyone have any suggestions or best practices for how to do this in a clean and maintainable way?

I have read this question on Stackoverflow but it seems to be related to C# and not necessarily a design issue.

Thanks in advance for your insights.

There are maybe more than a hundred ways to answer to your question, but I'll try to make an answer based on my experiences.
First, if I understood your question, you need to know how to inject a repository on a middleware then after, to know if it's a good practice.

About your first point:

type AuthenticationRepository interface {
	GetApiKey(location string) (string, error)
}

func AuthorizationMiddleware(authRepo AuthenticationRepository) gin.HandlerFunc {
	return func(c *gin.Context) {
		// Get the location and key from headers
		location := c.GetHeader("Host")
		apiKey := c.GetHeader("Key")

		// Use the repository to get the API key from location
		expectedKey, err := authRepo.GetApiKey(location)
		if err != nil {
			log.Errorf("Unexpected error when trying to get api key: %v", err)
			c.AbortWithStatus(http.StatusServiceUnavailable)
			return
		}

		if expectedKey != apiKey {
			c.AbortWithStatus(http.StatusUnauthorized)
			return
		}

		// Call the next handler
		c.Next()
	}
}

With this basic example, you can do what you need on your repository.

Now about your second point, is it a good practice to do that? If you have only few users or services, yes, you will not have problems.
But, if you want to have a scalable infrastructure with a lot of users: no, this is not a good practice.

Why? Because all your services must retrieve information from your repository. So you are introducing a SPOF and a lot of latency on all your endpoints.
You can do some caching, but it will be hard to manage if you have a large amount of users.

To handle this, you will need to know the difference between authentication and authorization: authentication verifies the identity of a user or service, and authorization determines their access rights.

So, for example, you can authenticate a user with his username/password (or a service with his client_id/client_secret), then, after authentication your authorization service will provide a JWT token. This token is signed and can be verified by any service that have the corresponding public key. So you don't need to reach a specific service/storage from a repository on every request, because with this public key, you can authorize access requests (depending on additional verified token claims).

Some documentation about JWT and flow to get it:

• https://auth0.com/docs/secure/tokens/json-web-tokens
• https://auth0.com/docs/get-started/authentication-and-authorization-flow/which-oauth-2-0-flow-should-i-use

So, all of that depend on the volume of users